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DETAILED ACTION 



1. Claims 3, 6-10, and 15-17, and 19-30 have been examined. 

2. In view of the Appeal Brief filed on 25 April 2008, PROSECUTION IS HEREBY 
REOPENED. A new ground of rejection under 35 U.S.C. 112, first paragraph is set 
forth below. 

To avoid abandonment of the application, Applicant must exercise one of the 
following two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed 
by an appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and 
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41 .20 have been increased since they were previously paid, then Applicant 
must pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 

/Kristine Kincaid/ 

Supervisory Patent Examiner, Art Unit 2139 



Information Disclosure Statement 



Application/Control Number: 10/088,258 Page 2 

Art Unit: 2139 

3. The following Information Disclosure Statements in the instant application have 
been fully considered: 

IDS filed 8 January 2008. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claim 30 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply 
with the written description requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to reasonably convey to one 
skilled in the relevant art that the inventor(s), at the time the application was filed, had 
possession of the claimed invention. The original disclosure does not use the term "lock 
the user interface" as recited in the claim. In view of Applicant's arguments (see Appeal 
Brief, filed 25 April 2008, pp. 16-17), it is unclear how the term would be apprised by 
one of ordinary skill in the art. The section of the specification that Applicant has cited in 
the Appeal Brief as supporting this limitation (see Appeal Brief, filed 25 April 2008, p. 4, 
lines 1-3) does not provide any guidance whatsoever. The limitation is therefore new 
matter. 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

5. Claims 26 and 29 are rejected under 35 U.S.C. 102(b) as being anticipated by 
WIPO Patent Publication No. 98/44402 to Bramhill et al. 

Bramhill discloses a server that securely sends data to an authenticated client. 
This inherently requires the server to have a memory from which an image of the 
program having this functionality can be executed. The authentication of the token may 
involve the use of a token sent to the client to verify that the client has permission and 
has not been tampered, ensuring that the client restricts use of the data (such as image 
data, which is displayed at a client) before it is sent (see p. 11, lines 4-17; p. 14, lines 
27-29; p. 16, line 20 to p. 17, line 20). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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6. Claims 8 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent No. 5,825,879 to Davis in view of U.S. Patent No. 5,517,569 to Clark. 

As per claim 25, Davis discloses a client platform having a display and a 
communications means that is secure by dint of its receiving encrypted data (see 
column 3, lines 54-61) and an image processing module, the secure video content 
processor, that stores received images in a frame buffer (memory) and may sends its 
output directly to (i.e. controls) a display device (see column 3, line 62 to column 4, line 
17; column 4, lines 49-55; and column 5, lines 47-59). The SVCP is tamper-proofed, 
protected physically (see column 4, lines 32-48) and logically (protected key loading, 
see column 3, lines 27-43) from modification. The signal may be received from an on- 
line service provider, which inherently employs a server (see column 3, lines 20-26), 
encrypted with a key for a specific authorized purpose (see column 3, lines 28-43). 

Davis does not disclose a mechanism for verifying the integrity of the platform 
upon user request. 

Clark discloses a hardware test in a protected platform in which a user may 
initiate the verifying of the platform's integrity (see column 5, lines 32-35). One skilled in 
the art would recognize that it is important for a user to have confidence in the platform 
that he or she is using. 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Davis by implementing it with a user- 
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initiated integrity check, as disclosed by Clark, so that a user may have confidence in 
the platform that he or she is using. 

Regarding claim 8, by authenticating the received data, Davis' client in effect 
verifies the trusted status of another platform, the server. 

7. Claims 3, 6, 9, 1 5-1 7, 1 9-22, 25, 28, and 29 are rejected under 35 U.S.C. 1 03(a) 
as being unpatentable over WIPO Patent Publication No. 98/44402 to Bramhill et al. as 
applied to claim 26 above and further in view of U.S. Patent No. 5,825,879 to Davis 
further in view of U.S. Patent No. 5,517,569 to Clark. 

Regarding claims 25, 28, and 29, Bramhill does not disclose the physical 
protection of the client from unauthorized modification. 

Davis discloses a tamper-proof client, as disclosed above, that receives image 
data into a frame buffer and displayed. Davis further suggests that by protecting the 
data over the entire processing flow, an unauthorized copier will find it more difficult to 
capture the unencrypted digital representation (see column 2, lines 61-64). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Bramhill by using Davis' tamper- 
proofing at the client, to make it more difficult to capture the unencrypted digital 
representation. 

Bramhill and Davis do not disclose a mechanism for verifying the integrity of the 
platform upon user request. 
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Clark discloses a hardware test in a protected platform in which a user may 
initiate the verifying of the platform's integrity (see column 5, lines 32-35). One skilled in 
the art would recognize that it is important for a user to have confidence in the platform 
that he or she is using. 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Bramhill and Davis by implementing it 
with a user-initiated integrity check, as disclosed by Clark, so that a user may have 
confidence in the platform that he or she is using. 

Regarding claim 3, Bramhill discloses the monitoring of integrity of the client and 
data flows by comparing current values to initial characteristics (see p. 17, lines 1-20). 
The integrity of the image may be verified by using a hash (see p. 14, lines 14-19). 

Regarding claim 6, 15, and 19, Bramhill discloses that the client (user) initiates 
data requests (see p. 9, lines 15-29). Though Bramhill does not specifically recite a 
secure user interface, Davis' modification, which dictates that the transaction must be 
secure on an end-to-end basis, necessitates a secure user interface to the server from 
the client as well. 

As per claim 9, 1 7, and 22, Bramhill also discloses the use of a smart card for 
authentication of the client by the server during a session, which inherently requires a 
smart card reader (see p. 18, lines 20-25). 

Regarding claim 16, different parts of the transaction are being respectively 
performed at the client and server. 
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Regarding claim 20, the steps of requesting and receiving transmissions may go 
on indefinitely. 

Regarding claim 21 , Bramhill does not disclose the maintaining of usage logs. 

Davis discloses the use of metering (usage logs) in such transactions, in order to 
maintain billing records for transmission to a transaction clearing house (see column 1 , 
lines 60-63). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to further modify the invention of Bramhill by using metering, as 
per Davis, in order to maintain billing records for transmission to a transaction clearing 
house. 

8. Claims 1 0, 23, and 24 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over WIPO Patent Publication No. 98/44402 to Bramhill et al. in view of 
U.S. Patent No. 5,825,879 to Davis further in view of U.S. Patent No. 5,517,569 to Clark 
as applied to claims 25 and 29 above, and further in view of U.S. Patent No. 5,990,927 
to Hendricks et al. 

Bramhill, Davis, and Clark do not disclose the insertion of server-provided into 
data streams. 

Hendricks discloses the integration of advertisements (i.e. not requested by the 
client) into the program signal (see column 9, lines 16-23), and suggests that because 
of this, local headends (servers) are not constrained to show only programs transmitted 
from the operations center (see column 7, lines 61-67). 
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Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to modify the invention of Bramhill, Davis, and Clark by 
allowing for the insertion of advertisements into data streams, as disclosed by 
Hendricks, so that local headends are not constrained to show only programs 
transmitted from the operations center. 

9. Claims 7 and 27 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
WIPO Patent Publication No. 98/44402 to Bramhill et al. in view of U.S. Patent No. 
5,825,879 to Davis further in view of U.S. Patent No. 5,517,569 to Clark as applied to 
claims 25 and 26 above, and further in view of U.S. Patent No. 6,219,788 to Flavin et al. 

Bramhill, Davis, and Clark do not disclose the authentication of a protected 
server-trusted component by a client. 

Flavin discloses a computer watchdog system wherein tamper protection may be 
incorporated at either the server or client in a content distribution system, monitoring 
other systems, in order to ensure just execution of agreements between a producer and 
distributor of the content (see abstract). 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to modify the invention of Bramhill, Davis, and Clark by 
using Flavin's watchdog system, in order to ensure just execution of agreements 
between a producer and distributor of the content. 
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10. Claim 30 is rejected under 35 U.S.C. 103(a) as being unpatentable over WIPO 
Patent Publication No. 98/44402 to Bramhill et al. as applied to claim 26 above and 
further in view of U.S. Patent No. 5,825,879 to Davis further in view of U.S. Patent No. 
5,355,414 to Hale et al. 

Regarding claims 25, 28, and 29, Bramhill does not disclose the physical 
protection of the client from unauthorized modification. 

Davis discloses a tamper-proof client, as disclosed above, that receives image 
data into a frame buffer and displayed. Davis further suggests that by protecting the 
data over the entire processing flow, an unauthorized copier will find it more difficult to 
capture the unencrypted digital representation (see column 2, lines 61-64). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Bramhill by using Davis' tamper- 
proofing at the client, to make it more difficult to capture the unencrypted digital 
representation. 

Bramhill and Davis do not disclose a locking of a user interface. 

Hale discloses a security system in which the user interface may be blanked 
(locked) (see column 13, lines 16-19), so that, in an insecure situation, information 
visible on the display is not viewable (see column 3, lines 27-33). 

Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the invention of Bramhill and Davis by allowing for a 
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locking display, as disclosed by Hale, so that insecure information on a display is not 
viewable. 

Response to Arguments 

1 1 . Regarding claims 26 and 29, though the client disclosed by Bramhill is not as 
well-protected as that of the instant application, it nonetheless constitutes a trusted 
component insofar as the term is defined in the instant application's specification. 
Bramhill does disclose the authentication of the platform, thus establishing a level of 
trust about the client platform. That the client is programmed in Java is irrelevant. The 
security of a programming-language is implementation-dependent, and programming 
languages are not inherently insecure by themselves. Although the claims are 
interpreted in light of the specification, limitations from the specification are not read into 
the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 
Though Applicant's specification recites some properties commonly associated with 
trusted systems, the term as discussed in the specification does not preclude the cited 
art and these features have not been incorporated into the claim language. 

Regarding Applicant's argument that Bramhill only discloses a program, Bramhill 
discloses a program that is installed on an authenticated client (see p. 1 1 , lines 4-5, for 
example); the client and program must be considered together and do anticipate 
Applicant's invention as claimed. The fact that Bramhill discloses authentication for the 
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reasons concerning payment collection does not mean that the client running the 
program is not a "trusted component." 

Regarding Applicant's argument that the display is not being controlled from 
within the trusted component, Bramhill's disclosure clearly shows that the images being 
displayed are being controlled by software in the authenticated client to display received 
non-functional descriptive material or, alternatively, error messages (see p. 14, lines 21- 
29). 

Regarding Applicant's argument to claim 29 that Bramhill does not use a token 
any block of data containing relevant information constitutes a token. The transmission 
disclosed by Bramhill therefore is a token. 

Regarding Applicant's argument that Bramhill's invention does not check for 
tampering, that property is also not explicitly claimed, and is not inherently necessary for 
a component to be "trusted." 

12. Regarding Applicant's argument over claims 8 and 25, Davis' invention clearly 
includes protection against the use of unauthorized keys, including the encrypting of 
decryption keys used by the SVCP, which one skilled in the art would recognize as 
potentially frustrating an attempt to misuse the system, rather than simply the display. 
Since such encryption frustrates attempts at modification by anyone not having the 
proper key, it constitutes "logical protection." It therefore enjoys some protection from 
unauthorized modification insofar as the limitation has been recited in the claims. 
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Regarding Applicant's argument that one skilled in the art would not be motivated 
to incorporate Clark's teachings into the invention of Davis, the fact that applicant has 
recognized another advantage which would flow naturally from following the suggestion 
of the prior art cannot be the basis for patentability when the differences would 
otherwise be obvious. See Ex parte Obiaya, 227 USPQ 58, 60 (Bd. Pat. App. & Inter. 
1985). It is noted that, when there is a desire to make a system secure, it is reasonable 
for one skilled in the art to add additional layers of security to an invention. Though 
headend systems are typically installed in home environments, they can also be found 
in more secure locations. "Users" in a deployment may just be the customers 
themselves (who themselves may have reasons for having an untampered system), but 
may also be technicians from the service provider; moreover, the references are 
analogous in nature and would reasonably be combined by one skilled in the art without 
any specific motivation. 

Regarding Applicant's argument with respect to claim 8, that the authentication of 
data does not verify the trusted status of a source, it is noted that since data from a bad 
source would fail the authentication check, a successful authentication affirms that a 
source is, at least to some extent, trustworthy. Applicant's asserts that Davis does not 
disclose an authentication check; however, Applicant is not claiming an authentication 
per se and, since the success of a transaction at the client is dependent upon the 
trustworthiness of the transmitting platform, Davis' system effectively verifies the other 
platforms' integrity. 
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1 3. Regarding Applicant's argument over claims 3, 6, 9, 1 5-1 7, 1 9-22, 25, 28, and 
29, In response to applicant's argument that the examiner's conclusion of obviousness 
is based upon improper hindsight reasoning, it must be recognized that any judgment 
on obviousness is in a sense necessarily a reconstruction based upon hindsight 
reasoning. But so long as it takes into account only knowledge which was within the 
level of ordinary skill at the time the claimed invention was made, and does not include 
knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper. 
See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971). Applicant has 
argued that one skilled in the art would not be motivated to modify Bramhill's invention 
using Davis and Clark. Bramhill does not give specifics as to what kind of display 
should be used. Davis and Clark's invention is a display controller, and can therefore 
easily be combined into Bramhill to fulfill that role. Since each invention contributes 
attributes that make the whole system more secure, it would be obvious to combine 
them all in order to enjoy greater overall security. Though Bramhill and Davis take 
different approaches to security, the approaches are not at all mutually exclusive and 
there is no reason to believe that the two inventions could not be combined without 
undue effort, given that one is primarily a software implementation and the other is in 
hardware. The stated grounds of rejection sufficiently establish obviousness. 

14. Regarding claim 30, Applicant's argument that the user interface is considered to 
be locked if and only if all of the parts of the user interface are disabled. Since the user 
interface is dependent upon the display, the loss of the display renders the user 
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interface useless, thus effectively locking it, since the ability to use a keyboard is 
severely limited when the user cannot receive any feedback. Applicant's specification 
gives no guidance as to how the term "locked" should be interpreted, prompting the new 
rejection under 35 U.S.C. 112, first paragraph, above. Since Hale's modification 
provides further protection from misuse over and above that provided in the other 
references, one skilled in the art would reasonably be motivated to incorporate it in 
order to further enhance security. 



Conclusion 



1 5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew E. Heneghan, whose telephone number is 
(571) 272-3834. The examiner can normally be reached on Monday-Friday from 8:30 
AM - 4:30 PM Eastern Time. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine Kincaid, can be reached at (571) 272-4063. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
P.O. Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 

(571)273-3800 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (571 ) 272- 
2100. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



July 9, 2008 



/Matthew Heneghan/ 

Primary Patent Examiner, USPTO AU 2139 



